A device is provided for encrypting and/or decrypting a point cloud having a plurality of data points that collectively produce a three-dimensional (“3D”) image. Each data point may have a set of elements with values that define a position of the data point in 3D space and visual characteristics of the data point. Encrypting the point cloud may include deterministically selecting a set of data points to encrypt, and deterministically changing the data point element values of the selected data points so that the 3D image produced by the encrypted data points is different than the 3D image produced from the unencrypted data points. Decrypting the resulting encrypted point cloud may include deterministically reselecting the encrypted data points using an encryption key, and deterministically reversing the changes made to the data point element values of the selected data points based on transformations that are specified as part of the encryption key.
1. A method comprising:
receiving an encrypted point cloud, the encrypted point cloud comprising a plurality of data points with one or more data points that are encrypted with at least a first encryption, each data point of the plurality of data points comprising a set of elements with values that define a position of the data point in a three-dimensional (“3D”) space and visual characteristics of the data point;
generating a 3D image at a first resolution in response to rendering the encrypted point cloud without decryption, wherein generating the 3D image at the first resolution comprises determining a first set of the plurality of data points that are accessible as a result of the first encryption and rendering the 3D image at the first resolution based on the first set of data points, wherein the first set of data points does not include a second set of the plurality of data points that are hidden as a result of the first encryption; and
generating the 3D image at a second resolution in response to rendering the encrypted point cloud with decryption of the first encryption, wherein generating the 3D image at the second resolution comprises decrypting the first encryption, obtaining access to the second set of data points in response to decrypting the first encryption, and rendering the 3D image at the second resolution based on the first set of data points and the second set of data points.
17. A device comprising:
one or more processors configured to:
receive an encrypted point cloud, the encrypted point cloud comprising a plurality of data points with one or more data points that are encrypted with at least a first encryption, each data point of the plurality of data points comprising a set of elements with values that define a position of the data point in a three-dimensional (“3D”) space and visual characteristics of the data point;
generate a 3D image at a first resolution in response to rendering the encrypted point cloud without decryption, wherein generating the 3D image at the first resolution comprises determining a first set of the plurality of data points that are accessible as a result of the first encryption and rendering the 3D image at the first resolution based on the first set of data points, wherein the first set of data points does not include a second set of the plurality of data points that are hidden as a result of the first encryption; and
generate the 3D image at a second resolution in response to rendering the encrypted point cloud with decryption of the first encryption, wherein generating the 3D image at the second resolution comprises decrypting the first encryption, obtaining access to the second set of data points in response to decrypting the first encryption, and rendering the 3D image at the second resolution based on the first set of data points and the second set of data points.
18. A non-transitory computer-readable medium, storing a plurality of processor-executable instructions to:
receive an encrypted point cloud, the encrypted point cloud comprising a plurality of data points with one or more data points that are encrypted with at least a first encryption, each data point of the plurality of data points comprising a set of elements with values that define a position of the data point in a three-dimensional (“3D”) space and visual characteristics of the data point;
generate a 3D image at a first resolution in response to rendering the encrypted point cloud without decryption, wherein generating the 3D image at the first resolution comprises determining a first set of the plurality of data points that are accessible as a result of the first encryption and rendering the 3D image at the first resolution based on the first set of data points, wherein the first set of data points does not include a second set of the plurality of data points that are hidden as a result of the first encryption; and
generate the 3D image at a second resolution in response to rendering the encrypted point cloud with decryption of the first encryption, wherein generating the 3D image at the second resolution comprises decrypting the first encryption, obtaining access to the second set of data points in response to decrypting the first encryption, and rendering the 3D image at the second resolution based on the first set of data points and the second set of data points.
2. The method of
generating the 3D image at a full third resolution that is greater than the second resolution in response to rendering the encrypted point cloud with decryption of the first encryption and a second encryption, wherein generating the 3D image at the full third resolution comprises decrypting the first encryption and the second encryption, obtaining access to a third set of the plurality of data points in response to decrypting the second encryption, and rendering the 3D image at the full third resolution based on the first set of data points, the second set of data points, and the third set of data points that collectively represent the plurality of data points.
3. The method of
receiving a first decryption key; and
decrypting the second set of data points to render with the first set of data points using the first decryption key.
4. The method of
receiving a second decryption key; and
decrypting the third set of data points to render with the first set of data points and the second set of data points using the second decryption key.
5. The method of
receiving a decryption key;
determining access privileges associated with a user or a device of the user receiving the encrypted point cloud; and
wherein generating the 3D image at the first resolution comprises determining that the access privileges associated with the user or the device prevent usage of the decryption key, and
wherein generating the 3D image at the second resolution comprises determining that the access privileges associated with the user or the device permit usage of the decryption key.
6. The method of
distributing the encrypted point cloud without a decryption key for the first encryption to a first group of users that are provided limited access to the encrypted point cloud; and
distributing the encrypted point cloud with a decryption key for the first encryption to a different second group of users that are provided full access to the encrypted point cloud.
7. The method of
8. The method of
encrypting the encrypted point cloud with a second encryption in addition to the first encryption, wherein the second encryption hides a different third set of the plurality of data points within the encrypted point cloud.
9. The method of
wherein the second set of data points are interspersed between the first set of data points, and
wherein the second set of data points increases a level of detail in a region that is rendered with the first set of data points.
10. The method of
wherein the first set of data points comprises every Nth data point of the plurality of data points, and
wherein the second set of data points comprises all other data points of the plurality of data points not within the first set of data points.
11. The method of
wherein generating the 3D image at the first resolution comprises providing a thumbnail preview of the 3D image, and
wherein generating the 3D image at the second resolution comprises providing a full resolution rendering of the 3D image.
12. The method of
preventing access to the second set of data points as a result of the first encryption.
13. The method of
wherein the encrypted point cloud further comprises a plurality of slices that represent data points from the plurality of data points at different planes, and
wherein the first encryption removes access to one or more data points from each slice of the plurality of slices.
14. The method of
wherein generating the 3D image at the first resolution comprises accessing the encrypted point cloud without a decryption key, and
wherein generating the 3D image at the second resolution comprises accessing the encrypted point cloud with a decryption key.
15. The method of
16. The method of
This application is a continuation of U.S. nonprovisional application Ser. No. 16/953,787 entitled “Systems and Methods for Point Cloud Decryption”, filed Nov. 20, 2020 and now issued as U.S. Pat. No. 10,964,035, which is a continuation of U.S. nonprovisional application Ser. No. 15/929,948 entitled “Systems and Methods for Point Cloud Encryption”, filed May 29, 2020 and now issued as U.S. Pat. No. 10,853,955. The contents of application Ser. Nos. 16/953,787 and 15/929,948 are hereby incorporated by reference.
A point cloud may include a set of data points for representing a three-dimensional (“3D”) or volumetric object or image. The point cloud data points may differ from pixels of a two-dimensional (“2D”) image. The point cloud data points may include positional and non-positional information. However, certain regions of the point cloud may have no data points, lower densities of data points, and/or higher densities of data points based on varying amounts of visual information that is detected at those regions. In contrast, pixels of a 2D image have a pre-determined uniform density and pre-determined fixed arrangement that is defined by the resolution of the 2D image. Moreover, the point cloud data points may have a non-uniform placement or positioning, whereas the 2D image has pixel data for each pixel of a defined resolution or shape (e.g., 640×480, 800×600, etc.).
The following detailed description refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements.
Point clouds may store information or images that are confidential or proprietary. Without encryption, anyone that obtains a copy of a point cloud file may be able to access the information or image therein. For instance, patient medical imaging scans may be captured as one or more point clouds. These point clouds may contain confidential or regulated information that should only be accessed by authorized personnel (e.g., the patient and/or the medical practitioner for that patient). A vehicle manufacturer may expend considerable resources to generate detailed point clouds for autonomous vehicle operation. The vehicle manufacturer may want to safeguard the point cloud data from misappropriation or theft. Similarly, a graphic arts, film, movie, print, and/or another studio may create and/or store their work as point clouds, and may want to secure those works from theft even if unauthorized users gain access to the point cloud files.
Accordingly, disclosed are systems and methods for point cloud encryption. The point cloud encryption encrypts the point cloud file so that the information or images therein cannot be accessed in their original format by unauthorized devices or users that have access to the point cloud file. The encryption may include scrambling, changing, and/or otherwise modifying the point cloud data points so that any image that is rendered based on the encrypted point cloud file and/or data points of the point cloud file is distorted or unusable. In other words, the image that is rendered from the encrypted data points of a particular point cloud file may have no or a fractional number of data points in common with the image that is rendered from decrypted or unencrypted data points of the same particular point cloud file, such that the rendered images have little to no resemblance with one another. The point cloud encryption therefore prevents unauthorized users from being able to access the point cloud information despite having access to the file storing the point cloud with the encrypted data points.
The point cloud encryption may generate a key after encrypting a point cloud. The key may be used by authorized users and/or devices to decrypt the encrypted point cloud file, and to access the decrypted data points of that point cloud. Specifically, the key may be used to reverse the scrambling, changing, and/or modifying of the encrypted point cloud data points. Without the key, decryption of the point cloud may be impossible or extremely difficult.
In some embodiments, each point cloud data point may correspond to a part of an imaged object. Each point cloud data point may include positional information such as a coordinate within a three-dimensional (“3D”) space. For instance, each point cloud data point may include x-coordinate, y-coordinate, and z-coordinate data point elements to represent the position of the imaged part in the 3D space.
In some embodiments, each point cloud data point may include non-positional information or data point elements. The non-positional data point elements may include information about the visual characteristics of the imaged part. The visual characteristics may correspond to a detected color. The color may be represented using red, green, and blue (“RGB”) values. In some embodiments, the visual characteristics may provide the chrominance and/or luminance of the imaged part. In some other embodiments, the visual characteristics may be related to properties of the imaging device used to capture the object part at a particular data point. For instance, the visual characteristics may include a Tesla strength value to quantify the strength of the magnetic field that was used in detecting and/or imaging the object part. In some embodiments, the non-positional data elements may include energy, audible or sound, and/or other characteristics of the imaging device or the object being imaged. Accordingly, the non-positional data element can include any property of the imaged object part (e.g., hue, saturation, brightness, reflectivity, etc.) or of the imaging device used to capture the object part at a corresponding data point in 3D space.
Each point cloud data point may include an array of data point elements. The array of data point elements may provide the positioning of the data point in 3D space as well as one or more visual characteristics of that data point. For instance, a point cloud data point may be stored and/or represented as an array of data point elements with some combination of x-coordinate, y-coordinate, z-coordinate, red, green, blue, chrominance, luminance, tesla, and/or other values. The point cloud data points and the values of their corresponding data point elements may be generated by a 3D or depth-sensing camera, Light Detection and Ranging (“LiDAR”), Magnetic Resonance Imaging (“MRI”) devices, Positron Emission Tomography (“PET”) scanning devices, Computerized Tomography (“CT”) scanning devices, time-of-flight devices, and/or other imaging equipment.
An encryption device may encrypt and/or decrypt different point clouds using one or more types of encryption. The one or more types of encryption may include applying the same encryption with different parameters that lead to scrambling, changing, and/or modifying of different point cloud data points or data point elements, and/or applying different encryptions to perform different scrambling, changing, and/or modifying of the data points. To decrypt an encrypted point cloud, the encryption device may reverse each encryption that is applied to the encrypted point cloud in the opposite order each encryption was applied to encrypt the point cloud.
Encryption device 205 may overwrite the first set of data points 210 of the point cloud file with the second set of data points 220 to encrypt the point cloud file. In some embodiments, encryption device 205 may write the second set of data points 220 to a new encrypted point cloud file that is stored separate from the unencrypted point cloud file.
In some embodiments, the file extension and/or the filename of the encrypted point cloud file may identify the encryption that was performed (e.g., swapping the x-coordinate data point element with the z-coordinate data point element and the y-coordinate data point element with the luminance data point element). Accordingly, when decrypting the encrypted point cloud file, encryption device 205 and/or another decryption device may determine the encryption that was performed based on the file extension and/or the filename, and may decrypt the first set of data points 210 from the second set of data points 220 by undoing the identified encryption (e.g., swap the x-coordinate data point element with the z-coordinate data point element and the y-coordinate data point element with the luminance data point element). In this case, the encrypted point cloud file can be decrypted by performing the encryption operations a second time to return the scrambled data point elements to their original locations within each data point.
In some embodiments, encryption device 205 may generate a key that identifies the encryption that was performed to produce the second set of data points 210. Encryption device 205 or another decryption device may use the key to decrypt the encrypted point cloud file and to restore the unencrypted first set of data points 210 from the second set of data points 220.
The key may be a hashed value, an encoded value, or another value that obscures the encryption that was performed from an unsupported or unsecure device. The key may be embedded with the encrypted point cloud file. For instance, encryption device 205 may store the key in the metadata, header, or body of the encrypted point cloud file. In some embodiments, the key may be stored as part of one or more point cloud data points. For instance, the key information about the encryption that was performed may be stored in the metadata of a specific data point that has a particular coordinate within the point cloud (e.g., particular positional data element values). In some such embodiments, encryption device 205 or another decryption device may receive the coordinates for the specific data point storing the encryption key from a user or other input, and may decrypt the encrypted point cloud file based on the encryption key that is extracted from the metadata or other data of the specific data point. Encryption device 205 may also encode or encrypt the encryption key when storing the key as part of one or more point cloud data points in order to prevent a user or device from scanning the data points to identify the encryption key. Alternatively, the key may be stored separate from the encrypted point cloud file in a database or a separate file.
Encryption device 205 may vary the data point scrambling to alter the encryption and/or increase or decrease the level of encryption. For example, encryption device 205 may scramble one pair of data point elements for each data point to reduce the computational overhead for encrypting or decrypting a file. As another example, encryption device 205 may deterministically select less than all of the first set of data points 210 to scramble in order to reduce the computational overhead. Scrambling half of the data points may be sufficient to obfuscate the original 3D image or object.
Encryption device 205 may vary the data point scrambling to provide different encryptions for different files, so that a user device that may decrypt a first encrypted file generated by encryption device 205 may be unable to decrypt a second encrypted file generated by encryption device 205 because of the different scrambling or encryption used for each of the first encrypted file and the second encrypted file. Encryption device 205 may vary the data point scrambling for different point cloud files, for different data points within the files, based on data point element values, and/or based on external values or keys. For instance, encryption device 205 may generate and/or use a first key to swap the value of the x-coordinate data point element and the value of the z-coordinate data point element for every data point in a first point cloud file, and may generate and/or use a second key to swap the value of the y-coordinate data point element and the value of the chrominance data point element for every third data point in a second point cloud file. Accordingly, the first key cannot be used to decrypt the second point cloud file, and the second key cannot be used to decrypt the first point cloud file.
Encryption device 205 may use a deterministic encryption algorithm to select every other data point within the point cloud, and to perform one of three different data point modifications on a selected data point in order to generate (at 320) second set of encrypted data points 330 for an encrypted point cloud file.
As shown in
In some embodiments, encryption device 205 may alter which data points are selected for encryption based on a file size, name, checksum, and/or another static identifier of the point cloud file. For instance, encryption device 205 may hash the checksum, and encryption device 205 may determine to encrypt all data points, every other data point, every third data point, etc. based on the hash result. Alternatively, encryption device 205 may select which data points to encrypt based on an encryption configuration file or encryption parameters, or based on a random number generator that generates a selector value for specifying which data points to encrypt. The selector value may be stored as part of the encryption key that is used to decrypt the encrypted point cloud.
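The deterministic selection and element swapping described above can be sketched as follows; this is an added example and not code from the patent. The element order, the key layout (`stride`, `swaps`), the function names, and the sample points are assumptions made for illustration. It also covers the case where swap pairs overlap, in which repeating the encryption a second time no longer restores the data and the swaps must be undone in the opposite order.

```python
import hashlib

# Element layout assumed for this example; the description names these
# element kinds but does not fix an order.
FIELDS = ("x", "y", "z", "red", "green", "blue", "chrominance", "luminance")
IDX = {name: i for i, name in enumerate(FIELDS)}

# Constructed sample data: six points, eight elements each.
SAMPLE = [
    (0.0, 1.0, 2.0, 255, 0, 0, 0.30, 0.90),
    (1.5, 0.5, 3.0, 0, 255, 0, 0.10, 0.40),
    (2.5, 4.0, 1.0, 0, 0, 255, 0.20, 0.70),
    (3.0, 2.0, 5.0, 10, 20, 30, 0.60, 0.15),
    (4.5, 3.5, 0.5, 200, 100, 50, 0.80, 0.25),
    (5.0, 6.0, 7.0, 90, 90, 90, 0.50, 0.55),
]


def stride_from_checksum(checksum: bytes, max_stride: int = 4) -> int:
    """Hash a static file identifier and map it to 'every Nth point'."""
    digest = hashlib.sha256(checksum).digest()
    return digest[0] % max_stride + 1  # 1 = all points, 2 = every other, ...


def make_key(stride: int, swaps) -> dict:
    """The key records the selector value and the ordered element swaps."""
    if stride < 1:
        raise ValueError("stride must be >= 1")
    for a, b in swaps:
        if a not in IDX or b not in IDX or a == b:
            raise ValueError(f"invalid swap pair: {a!r}, {b!r}")
    return {"stride": stride, "swaps": [tuple(pair) for pair in swaps]}


def _swap_elements(point, swaps):
    out = list(point)
    for a, b in swaps:
        i, j = IDX[a], IDX[b]
        out[i], out[j] = out[j], out[i]
    return tuple(out)


def _transform(points, key, swaps):
    # Only every stride-th point is touched; the rest pass through as-is.
    return [
        _swap_elements(p, swaps) if n % key["stride"] == 0 else tuple(p)
        for n, p in enumerate(points)
    ]


def encrypt(points, key):
    return _transform(points, key, key["swaps"])


def decrypt(points, key):
    # Undo the swaps in the opposite order. For disjoint pairs this equals
    # running encrypt() again; for overlapping pairs only this order works.
    return _transform(points, key, list(reversed(key["swaps"])))


def unchanged_fraction(plain, encrypted) -> float:
    """Share of points that are identical before and after encryption."""
    same = sum(1 for p, e in zip(plain, encrypted) if tuple(p) == tuple(e))
    return same / len(plain)
```

Points that the stride does not select are written out unchanged, which `unchanged_fraction` makes measurable for a given key.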
To further increase the level of encryption, encryption device 205 may perform a dynamic encryption of the data points, whereby the encryption and/or scrambling applied to each data point is not deterministically defined, but is rather dynamically determined based on one or more values of the data point or other data.
As shown in
Encryption device 205 may hash the luminance data point element value to determine which data point elements to swap and/or another encryption to apply to the data point. In some embodiments, the dynamic encryption may be based on another data point element or two or more data point elements (e.g., two or more of the x-coordinate, y-coordinate, z-coordinate, red, green, blue, chrominance, luminance, and tesla values) of the same data point, and may involve swapping one or more pairs of data point elements. In some embodiments, the dynamic encryption may involve swapping data point elements of a particular data point based on one or more preserved data point elements of one or more other data points (e.g., swap the y-coordinate value and the z-coordinate value of a first data point based on the x-coordinate value of a second data point). In any case, encryption device 205 may dynamically encrypt the point cloud data points as a result of conditioning the encryption of the data points based on one or more data point element values, or conditioning the encryption on other point cloud data. Encryption device 205 and/or another decryption device may read an encryption key to determine the function, formula, and/or other parameters by which the dynamic encryption can be reversed and the data point elements of the encrypted data points can be restored to their original values.
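The dynamic encryption described above, as an added example that is not code from the patent: each point's swap is chosen by hashing its luminance value, and the luminance element is never moved, so the decrypting side can recompute the same choice from the encrypted point. The keyed hash (HMAC-SHA-256), the candidate swap list, the key layout, and the sample points are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Element layout assumed for this example.
FIELDS = ("x", "y", "z", "red", "green", "blue", "luminance")
IDX = {name: i for i, name in enumerate(FIELDS)}

# Constructed sample data: six points, seven elements each.
SAMPLE = [
    (0.0, 1.0, 2.0, 255, 0, 10, 0.90),
    (1.5, 0.5, 3.0, 0, 255, 20, 0.40),
    (2.5, 4.0, 1.0, 30, 0, 255, 0.70),
    (3.0, 2.0, 5.0, 10, 20, 30, 0.15),
    (4.5, 3.5, 0.5, 200, 100, 50, 0.25),
    (5.0, 6.0, 7.0, 90, 80, 70, 0.55),
]


def make_key(secret: bytes, condition: str, candidates) -> dict:
    """Key = secret for the hash, conditioning element, candidate swaps."""
    if condition not in IDX:
        raise ValueError(f"unknown element: {condition!r}")
    for a, b in candidates:
        if a not in IDX or b not in IDX or a == b:
            raise ValueError(f"invalid swap pair: {a!r}, {b!r}")
        if condition in (a, b):
            # The decryptor hashes the conditioning element of the
            # encrypted point, so that element must survive encryption.
            raise ValueError("swap would overwrite the conditioning element")
    return {
        "secret": secret,
        "condition": condition,
        "candidates": [tuple(pair) for pair in candidates],
    }


def choose_swap(point, key):
    """Hash the preserved element value to pick one candidate swap."""
    value = struct.pack("<d", float(point[IDX[key["condition"]]]))
    digest = hmac.new(key["secret"], value, hashlib.sha256).digest()
    pick = int.from_bytes(digest[:4], "big") % len(key["candidates"])
    return key["candidates"][pick]


def transform(points, key):
    """Encrypts and decrypts: a single swap per point is its own inverse,
    and the conditioning element is identical on both sides."""
    out = []
    for p in points:
        a, b = choose_swap(p, key)
        q = list(p)
        q[IDX[a]], q[IDX[b]] = q[IDX[b]], q[IDX[a]]
        out.append(tuple(q))
    return out


def swap_plan(points, key):
    """The swap chosen for each point, for comparing both sides."""
    return [choose_swap(p, key) for p in points]


KEY = make_key(
    b"constructed-secret",
    "luminance",
    [("x", "z"), ("y", "z"), ("x", "y"), ("red", "blue")],
)
```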
Instead of swapping data point elements, the dynamic encryption may include changing or modifying values for one or more data point elements of a selected data point based on one or more other values of that selected data point or other data points.
Encryption device 205 may receive unencrypted first set of data points 210, and may produce encrypted second set of data points 505 by deterministically selecting different data points from the unencrypted first set of data points 210, deterministically selecting a different encryption function to apply to a selected data point, and performing a dynamic encryption based on the selected encryption function and values for one or more data point elements of the selected data point. As shown in
The encrypted point cloud file extension, filename, metadata, header, key, and/or other data (e.g., data point metadata) may encode the encryption that was performed including the algorithms and/or parameters that were used to select data points for encryption, and that were used to determine which data point elements to swap, change, or otherwise encrypt. Encryption device 205 or another decryption device may reference the file extension, filename, metadata, header, key, and/or other data in order to decrypt the encrypted data points, and to restore the data point values for rendering the original point cloud image.
In some embodiments, encryption device 205 may perform a batch encryption of data points to obfuscate and distort data points of a point cloud. The batch encryption may include applying different transformations to different sets of data points, rather than modifying each data point individually.
Each slice 620 may correspond to a different and/or mutually exclusive set of data points from point cloud 610. The partitioning of point cloud 610 into slices 620 or the selection of the set of data points for each slice 620 may be determined algorithmically or based on the encryption that is applied to that point cloud 610.
In some embodiments, slices 620 may be defined to include different data points based on the values of one or more data point data elements. For instance, each slice 620 may include the data points on a particular coordinate plane (e.g., data points having one or more of a common x-coordinate value, y-coordinate value, or z-coordinate value). In
In some embodiments, slices 620 may be defined to include different data points that are selected based on one or more reference data points in unencrypted point cloud 610 and/or one or more positions within or around unencrypted point cloud 610. For example, slices 620 may be defined based on a particular internal data point of unencrypted point cloud 610, and may include data points falling within different vectors and/or projections that originate from the particular internal data point. As another example, slices 620 may include data points that fall within different volumes, cubes, cylinders, planes, or other projections from a selected position inside or around unencrypted point cloud 610, and wherein the selected position need not correspond to a data point of unencrypted point cloud 610. As yet another example, first slice 620-1 may be defined to include a first set of data points that fall within a first projection from a first position (e.g., data points falling within a cone originating in a particular direction from the first position), and second slice 620-2 may be defined to include a second set of data points that fall within a different second projection from a different second position (e.g., data points falling within a cube that is centered about the second position). In other words, slices 620 can be defined from different views of unencrypted point cloud 610 and/or different reference points.
Encryption device 205 may perform different rotations for one or more of slices 620. Encryption device 205 may perform a rotation by increasing or decreasing one or more data point elements for all data points in a particular slice 620 by the same amount or according to a formula. In some embodiments, the data points in slice 620 may be represented in a matrix, and a matrix transformation may be performed to produce the rotation. As shown in
Encryption device 205 may adjust the data points of each slice or may adjust the data points of a deterministically selected subset of slices. Encryption device 205 may adjust one or more data point elements for each encrypted slice differently using a deterministic formula that specifies the adjustment amount for each adjusted data point element of each slice. For instance, the formula may specify multiplying the x-coordinate value of each data point in a first slice by a first number, increasing the chrominance of each data point in the first slice by a second number, multiplying the x-coordinate value of each data point in a second slice by a third number, and increasing the chrominance of each data point in the second slice by a fourth number. The deterministic formula may also adjust the data points by skewing, compressing (e.g., reducing radial distance between the data points and/or eliminating a data point based on values of neighboring data points), expanding (e.g., increasing the radial distance between the data points and/or creating false data points based on values of neighboring data points), and/or otherwise changing one or more data point elements of the data points.
In some embodiments, slices 620 may include data points from different frames of a video or stream. In some such embodiments, each frame may include data points for representing a 2D or 3D image, or transformations to a 2D or 3D object. Accordingly, the encryption applied to each slice 620 in
In some embodiments, encryption device 205 may determine the varying amount with which to adjust a data point based on the distance between that data point and starting point 720. In some embodiments, encryption device 205 may determine the varying amount with which to adjust a data point based on the angle separating that data point from starting point 720.
The adjustments can include changing values for one or more data point elements of data points. For instance, the adjustments may include rotating the data points by changing x-coordinate and y-coordinate values of the data points by varying amounts.
Encryption device 205 may perform different varying adjustments to different slices of the point cloud (e.g., data points with different z-coordinate values) to further scramble point cloud 710 and/or increase the number of distinct transformations that are needed to decrypt resulting encrypted point cloud 730. For instance, encryption device 205 may encrypt data points in a first slice by adjusting those data points based on their distance from starting point 720 and a first value (e.g., a first multiplier), and may encrypt data points in a second slice by adjusting those data points based on their distance from starting point 720 and a different second value.
In any case, the varying encryption that is applied to unencrypted point cloud 710 may create a varying distortion across the rendered image of encrypted point cloud 730 that partially or fully obscures the original image of the unencrypted point cloud 710. The encryption is, however, lossless, and the original values for data points of point cloud 710 can be restored from the adjusted values of the encrypted data points of encrypted point cloud 730 by reversing the adjustments.
Encryption device 205 may select any data point of point cloud 710 or any point within an acceptable range of values (e.g., any point within the minimum and maximum of x-coordinate, y-coordinate, and z-coordinate values of point cloud 710) as starting point 720. Accordingly, starting point 720 may be a point or position that is different from any data point of unencrypted point cloud 710 and/or may include any position outside, around, or inside unencrypted point cloud 710 from which the adjustments and/or encryptions to the point cloud data points may be computed or determined.
Starting point 720 and/or the method for computing the varying adjustments may be stored as part of the encryption key that may be used to decrypt encrypted point cloud 730. The encryption key may be a file or data structure that is stored separate from encrypted point cloud 730 file, or may be encoded within the file header, metadata, file extension, filename, and/or other data of the encrypted point cloud 730 file.
In any case, encryption device 205 and/or another decryption device may receive the file for encrypted point cloud 730 and the encryption key. Using the encryption key, encryption device 205 may determine where to set starting point 720 within encrypted point cloud 730, and may determine a varying amount of adjustment to apply to the encrypted data points in order to restore them to their original values so that the original image of unencrypted point cloud 710 can be accessed.
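The distance-based, per-slice rotation about starting point 720 described above can be sketched as follows. This is an added example, not code from the disclosure; the key layout (a starting point plus one multiplier per z slice), the sample points, and the fixed-precision storage check are assumptions made for illustration.

```python
import math

# Constructed sample: (x, y, z) positions; z picks the slice.
SAMPLE = [(1.0, 0.0, 0), (0.0, 2.0, 0), (3.0, 4.0, 1), (-2.0, 1.0, 1), (1.5, -1.5, 2)]

# Hypothetical key layout: the starting point plus one multiplier per slice.
# Slices with no multiplier (z = 2 here) are left unencrypted.
KEY = {"start": (0.0, 0.0), "multipliers": {0: 0.5, 1: -0.25}}


def distance(point, start):
    """Distance from the starting point in the plane of rotation."""
    return math.hypot(point[0] - start[0], point[1] - start[1])


def rotate(point, key, sign):
    """Rotate one point about the starting point by multiplier * distance.

    A rotation about the starting point leaves the distance to it and the z
    value unchanged, so the same angle can be recomputed from the encrypted point.
    """
    sx, sy = key["start"]
    x, y, z = point
    theta = sign * key["multipliers"].get(z, 0.0) * distance(point, key["start"])
    dx, dy = x - sx, y - sy
    c, s = math.cos(theta), math.sin(theta)
    return (sx + dx * c - dy * s, sy + dx * s + dy * c, z)


def encrypt(points, key):
    """Apply the varying rotation to every point in a keyed slice."""
    return [rotate(p, key, +1) for p in points]


def decrypt(points, key):
    """Reverse the rotation using only the key and the encrypted values."""
    return [rotate(p, key, -1) for p in points]


def max_error(a, b):
    """Largest absolute x or y difference between two point lists."""
    return max(max(abs(p[0] - q[0]), abs(p[1] - q[1])) for p, q in zip(a, b))


def quantize(points, digits):
    """Model a file format that stores coordinates at fixed precision."""
    return [(round(x, digits), round(y, digits), z) for x, y, z in points]


if __name__ == "__main__":
    enc = encrypt(SAMPLE, KEY)
    print("distortion            :", max_error(enc, SAMPLE))
    print("round-trip error      :", max_error(decrypt(enc, KEY), SAMPLE))
    print("after 3-digit storage :", max_error(decrypt(quantize(enc, 3), KEY), SAMPLE))
    wrong = {"start": (1.0, 1.0), "multipliers": KEY["multipliers"]}
    print("wrong starting point  :", max_error(decrypt(enc, wrong), SAMPLE))
```

With floating-point coordinates the round trip is exact only up to rounding, and storing the encrypted values at reduced precision leaves a small residual error after decryption.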
Encryption device 205 may perform other varying encryptions that produce a non-static or dynamic adjustment to the data points. In some embodiments, encryption device 205 may adjust the data points of each slice dynamically based on values for one or more data point elements of the data points in the slice. For instance, encryption device 205 may sum, average, hash, and/or perform another calculation of the y-coordinate values and/or z-coordinate values for the data points having a particular z-coordinate value, and may determine the degree of rotation along the x-axis or the amount by which to adjust the x-coordinate value of each data point based on the y-coordinate value calculation and/or z-coordinate value calculation. The rotations may adjust the x-coordinate values, but preserve the y-coordinate values and/or z-coordinate values by which encryption device 205 may decrypt the data points by undoing the rotations and/or x-coordinate value adjustments.
In some embodiments, encryption device 205 may perform multiple rotations along different axes to increase the level of encryption for the resulting encrypted point cloud. For instance, encryption device 205 may partition data points of an unencrypted point cloud along a first axis (e.g., x-axis), may rotate or adjust each particular slice by a different amount along a second axis (e.g., y-axis) based on the first axis values of the data points in that particular slice, and may rotate or adjust each particular slice by a different amount along a third axis (e.g., z-axis) based on the first axis values of the data point elements in that particular slice, thereby producing an encrypted point cloud.
Since the first axis values of the data points are preserved in the encrypted point cloud, encryption device 205 may decrypt the encrypted point cloud by first reversing the different rotations or adjustments to each particular slice along the third axis based on the first axis values of the data points in that particular slice, and then reversing the different rotations or adjustments to each particular slice along the second axis based on the first axis values of the data points in that particular slice.
The sequence of rotations and formulas used to determine the amount of adjustment may be encoded within the encrypted point cloud file extension, filename, header, metadata, key, and/or other data or files. For instance, a key value of “10ACVA312” may map to an encryption whereby each slice in a point cloud is rotated about the x-axis using a first starting value that increases linearly for each next slice, and is then rotated about the y-axis using a second starting value that increases by a fixed third value for each next slice.
To increase the level of encryption, encryption device 205 may select slices based on two or more parameters, thus making identification of the encrypted data points more difficult. For instance, a first slice may include all data points of a point cloud with a particular z-coordinate value and with a y-coordinate value that is greater than a first value, and a second slice may include all data points of a point cloud with the same particular z-coordinate value and with a y-coordinate value that is less than a second value. Accordingly, there can be multiple slices within the same coordinate plane, and encryption device 205 may implement different adjustments to these slices so that the data points within the same coordinate plane are encrypted differently. Similarly, encryption device 205 may include different sets of data points within different slices based on deterministic equations, volumetric shapes, and/or projections from any data point or position within, around, or outside the point cloud subject to encryption.
Encryption device 205 may select first slice 820 corresponding to a first set of data points in an upper left region of point cloud 810, and second slice 830 corresponding to a second set of data points in a center right region of point cloud 810. Encryption device 205 may select first slice 820 and second slice 830 using an algorithm and/or values from two or more data point elements associated with the data points. For instance, the first set of data points of first slice 820 may include data points of point cloud 810 that have a particular z-coordinate value, have an x-coordinate value that is less than a first value, and have a y-coordinate value that is greater than a second value. The second set of data points of second slice 830 may include data points of point cloud 810 that have the particular z-coordinate value, have an x-coordinate value that is greater than the first value, and have a y-coordinate value within a bounded range.
Encryption device 205 may perform a first adjustment to first slice 820 and a different second adjustment to second slice 830 in order to encrypt the first set of data points of first slice 820 differently than the second set of data points of second slice 830. The first adjustment and the second adjustment may include different rotations of the first set of data points and the second set of data points. Moreover, the first adjustment and the second adjustment may be performed in a manner that allows encryption device 205 to reselect the first set of data points and the second set of data points from the encrypted point cloud for decryption. Encryption device 205 may also adjust the luminance or chrominance values of the first set of data points and the second set of data points so that the adjusted data points can be differentiated from the non-adjusted data points of the encrypted point cloud.
In some embodiments, the slices may include 3D groupings of data points that are selected for encryption. For instance, a slice may be defined as a cube with data points that are within a range of x-coordinate values, y-coordinate values, and/or z-coordinate values.
Encryption device 205 may increase the level of encryption by performing multiple transformations on the data points of a 2D or 3D slice.
In some embodiments, encryption device 205 may tag or otherwise differentiate the data points that have been encrypted from the other data points, that have not been adjusted or encrypted, so that the encrypted data points may be later decrypted to restore the original point cloud image. Alternatively, the selection of the slices and the transformations that are applied to those slices may be implemented in a manner whereby encryption device 205 can reselect the data points after the transformations for decryption without affecting other data points of the point cloud. For instance, the data points of first slice 910 may correspond to topmost rows of data points in a point cloud. Accordingly, the first transformation and the second transformation that are applied to the data points may adjust the data point values without causing those data points to become interspersed with data points outside of first slice 910. The encryption key may then be used to select the encrypted data points of first slice 910, and may specify adjustments to reverse the second transformation and then the first transformation in order to restore the data points to their original values.
In some embodiments, encryption device 205 may be configured to deterministically select and swap data points within a point cloud in order to encrypt that point cloud. The swapping of data points may include swapping non-positional data point elements between different pairs of data points in the point cloud.
As shown in
Encryption device 205 may produce encrypted point cloud 1020 by deterministically selecting different pairs of data points from unencrypted point cloud 1010, and by swapping the non-positional data point elements between each pair of data points. For instance, encryption device 205 may write the C, L, R, G, and B data point elements of data point 1030 in unencrypted point cloud 1010 into the C, L, R, G, and B data point elements of data point 1040 in encrypted point cloud 1020, and may write the C, L, R, G, and B data point elements of data point 1040 in unencrypted point cloud 1010 into the C, L, R, G, and B data point elements of data point 1030 in encrypted point cloud 1020.
Encrypted point cloud 1020 may retain the 3D structure or shape of unencrypted point cloud 1010. However, the lighting, coloring, reflectivity, and/or other visual characteristics will be distorted such that encrypted point cloud 1020 could not be used as a substitute for unencrypted point cloud 1010 or to reproduce the image of unencrypted point cloud 1010. In other words, rendering encrypted point cloud 1020 will yield a different image than rendering unencrypted point cloud 1010.
Encryption device 205 may generate an encryption key to identify the pairs of data points with exchanged data point elements. The encryption key may be generated through a pair-wise listing of the positional data point elements for the linked data points, and/or a hash of the pair-wise listing. For instance, the encryption key for encrypted point cloud 1020 of
Encryption device 205 may increase the level of encryption of an encrypted point cloud by chaining together and/or implementing two or more of the above described encryptions. For instance, decryption of an encrypted point cloud can be made more difficult by performing two or more of the intra-data point element swapping of
Encryption device 205 may perform any number of these different encryptions in any order to generate an encrypted point cloud, and may decrypt the encrypted point cloud by performing or reversing the encryptions in reverse of the order they were performed to generate the encrypted point cloud. Encryption device 205 may identify the encryptions that were performed and the order the encryptions were performed to generate an encrypted point cloud in a multi-stage encryption key.
Moreover, encryption device 205 may apply different encryptions or the same encryptions in different orders to different point clouds that are part of the same file. For instance, the encryptions may be chained in a different order to perform a different multi-stage encryption for each frame of a video, wherein each frame may be represented as a different point cloud or different plurality of data points.
Encryption device 205 may generate the multi-stage encryption key as each encryption is performed to a particular point cloud. For instance, encryption device 205 may provide an identifier for each encryption. The identifier may identify one or more of the encryption that was performed, a deterministic selection of data points to which the encryption was applied, a formula for identifying the data points to which the encryption was applied, a formula or deterministic algorithm for adjusting data point element values of the selected data points, parameters associated with the data point element modification, and/or parameters, formulas, or algorithms associated with that encryption. Encryption device 205 may hash each identifier, or may combine the identifiers before hashing them. In some embodiments, encryption device 205 may encode the identifiers so that they are not in a human-readable format, or may encode the identifiers with codes that map to the information represented by the identifier. The encoded identifiers may be deciphered or mapped by encryption device 205 and/or another supported decryption device. The multi-stage encryption key may be stored separate from the encrypted point cloud file, or may be encoded as part of the encrypted point cloud file extension, filename, header, metadata, and/or other data.
Process 1100 may include receiving (at 1110) an unencrypted point cloud. For instance, encryption device 205 may receive a file with a plurality of data points that can be rendered to produce a 3D structure or shape of an object based on positional and non-positional data point elements of each data point.
Process 1100 may include configuring (at 1115) one or more encryptions from a plurality of supported encryptions to apply to the unencrypted point cloud. Configuring (at 1115) the one or more encryptions may include specifying which data points are subject to the encryption, and/or parameters that specify how the selected encryption is used in scrambling, changing, or otherwise modifying the selected data points. Encryption device 205 may configure (at 1115) the one or more encryptions in response to a user selecting the one or more encryptions or specifying a desired level of encryption. A lower level of encryption may produce less distortion or obfuscation of the data points with fewer encryptions than a higher level of encryption. For instance, a lowest level of encryption may include performing a computationally efficient encryption on less than half the data points, and a higher level of encryption may include performing three or more different computationally expensive encryptions on different sets of the data points that collectively represent all the data points of the point cloud. In some embodiments, encryption device 205 may be integrated as part of a secure system, and may automatically configure (at 1115) the one or more encryptions based on a configured level of security for the secure system.
Process 1100 may include selecting (at 1120) a next encryption from the configured list of encryptions. Process 1100 may include selecting (at 1125) a next set of the data points to encrypt using the selected encryption based on selection criteria associated with the selected encryption. The selection criteria may include a sequential or ordered selection (e.g., all data points, every other data point, etc.), or may include a deterministic selection of data points. For instance, the next set of data points may include a slice that corresponds to data points in a particular coordinate plane or region of the point cloud. In some embodiments, selecting (at 1125) the next set of data points may include encryption device 205 opening the received point cloud file, and scanning for data points that match the selection criteria configured for the selected encryption.
Process 1100 may include determining (at 1130) one or more encryption transformations to apply to the selected data points based on the selected encryption. The selected encryption may apply a static, deterministic, or dynamic adjustment to the data point elements of the selected data points, and may include a formula, algorithm, and/or parameters for determining the targeted data point elements of the selected data points and the adjustment to apply to the targeted data point elements. Determining (at 1130) the encryption transformations may include calculating or computing an adjustment to one or more data point elements of a selected data point based on the static, deterministic, or dynamic adjustment that is to be applied. Determining (at 1130) the encryption transformations may include processing and/or scanning the data points to identify data point elements that are subject to encryption or adjustment based on the selected encryption and/or data point elements of the data points.
Process 1100 may include encrypting (at 1135) the selected data points by applying the encryption transformations to adjust one or more data point elements of the selected data points. Encrypting (at 1135) the selected data points may include overwriting data point elements for the selected data points in the received point cloud file, or writing the adjusted data point elements for the selected data points and unadjusted data point elements for non-selected data points to a separate file storing the encrypted point cloud.
Process 1100 may include determining (at 1140) whether the selected encryption applies to another set of data points in the point cloud. For instance, determining (at 1130) the encryption transformations and encrypting (at 1135) the selected data points may be repeated for a particular encryption if the particular encryption involves selecting (at 1125) different sets of data points, determining (at 1130) different encryption transformations to apply to the selected slice or set of data points, and encrypting (at 1135) the set of data points before selecting a next slice or set of data points for the particular encryption, wherein the different encryption transformations may be based on different parameters that specify different adjustments to make to the data point elements for each set of selected data points (e.g., different slice rotations, different data point element modifiers for different sets of data points, etc.).
In response to determining (at 1140—Yes) the current encryption is to be applied to another set of data points, process 1100 may include selecting (at 1125) the next set of data points, determining (at 1130) the one or more encryption transformations to apply, and encrypting (at 1135) the selected set of data points. In response to determining (at 1140—No) that all data points of the point cloud subject to the current encryption have been encrypted, process 1100 may include adding (at 1145) to the encryption key. Adding (at 1145) to the encryption key may include providing (at 1145) an identifier that specifies the encryption that was applied. The identifier may identify the encryption that was applied, selection criteria for selecting the data points that were encrypted as part of the identified encryption, and/or parameters for determining the encryption transformations that were used to encrypt the selected data points. The identifier may be an encoded alphanumeric value. For instance, the identifier “E1S2P3” may use the encoded value “E1” to identify that a first data point element swap encryption was performed, the encoded value “S2” to identify that the selection criteria involved applying the first data point element swap encryption to every other data point, and the encoded value “P3” may specify that the x-coordinate value was swapped with the chrominance value. The encryption key identifier may have additional or different encoded values to define the application of different supported encryptions to the point cloud data points.
Process 1100 may include determining (at 1150) if encryption of the point cloud is incomplete. Encryption of the point cloud may be complete once each encryption from the configured list of encryptions has been used to adjust the data points of the point cloud, and may be incomplete if there is at least one additional encryption in the configured list of encryptions that has not been applied to the point cloud.
In response to determining (at 1150—Yes) that the point cloud encryption is incomplete, process 1100 may include selecting (at 1120) the next encryption from the configured list of encryptions, and performing the next encryption on the data points that were adjusted with the last encryption, thereby chaining multiple encryptions together and using different encryption techniques to further encrypt the data points and increase the level of encryption (e.g., increase the decryption difficulty and computation). Performing the next encryption may include selecting (at 1125), determining (at 1130), and encrypting (at 1135) the data points based on the next encryption.
In response to determining (at 1150—No) that encryption of the point cloud is complete, process 1100 may include storing (at 1155) the encrypted data points to an encrypted point cloud file, and providing (at 1160) the encryption key for decryption of the encrypted point cloud file. Storing (at 1155) the encrypted data points to an encrypted point cloud file may include overwriting the received point cloud file with the data point elements of the encrypted data points, or writing the encrypted data points to a new file. Providing (at 1160) the encryption key may include writing the encryption key with the identifier for each applied encryption to a separate file from the encrypted point cloud file, storing the encryption key in memory, storage, or a decryption database, or embedding the encryption key as part of the encrypted point cloud file header, metadata, file extension, filename, or other data.
Decryption of the encrypted point cloud file may include performing an inverse of process 1100 in which the encrypted point cloud file is received with the encryption key, and the encryptions, that were performed to create the encrypted point cloud file, are performed in reverse order (e.g., last to first). In some embodiments, encryption device 205 and/or another decryption device may decode the last identifier that was added to the encryption key, may determine the encryption that was last applied as well as the selection criteria for the targeted data points and the transformation parameters used to adjust the data point elements of the targeted data points from the last identifier, may revert the data point element adjustments, and may repeat until all encryption identifiers from the encryption key have been used. The decryption may restore the data point elements of the data points that were adjusted by each encryption until the original data point elements for the data points of the unencrypted point cloud remain. The data point elements for the unencrypted data points can then be used to generate the original 3D image or rendering of the unencrypted point cloud.
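The chaining of process 1100 and its last-to-first reversal can be sketched as follows. This is an added example, not code from the disclosure: the identifier "E1S2P3" and its meaning are taken from the description above, while the second stage ("E2", a shift of x by P times z), the "S1" code for all data points, the "-" separator between identifiers, and the sample points are assumptions.

```python
import re

# Identifier layout follows the "E1S2P3" example above:
# E = which encryption, S = selection criteria, P = parameter.
ID_RE = re.compile(r"E(\d+)S(\d+)P(\d+)")

X, Y, Z, C = 0, 1, 2, 3  # element order in each constructed data point

# Constructed sample: (x, y, z, chrominance), integer-valued so every stage is exact.
SAMPLE = [(1, 5, 2, 40), (2, 5, 2, 41), (3, 6, 3, 42), (4, 6, 3, 43)]

# S2 = every other data point (from the description); S1 = all data points (assumed).
SELECTION_STEP = {1: 1, 2: 2}


def selected(points, s_code):
    """Indexes of the data points chosen by a selection code."""
    if s_code not in SELECTION_STEP:
        raise ValueError(f"unsupported selection code S{s_code}")
    return range(0, len(points), SELECTION_STEP[s_code])


def apply_stage(points, identifier, inverse=False):
    """Apply one encryption, or its inverse, to the data points it selects."""
    match = ID_RE.fullmatch(identifier)
    if match is None:
        raise ValueError(f"malformed identifier {identifier!r}")
    e_code, s_code, p_code = (int(g) for g in match.groups())
    out = [list(p) for p in points]
    for i in selected(out, s_code):
        point = out[i]
        if e_code == 1 and p_code == 3:
            # From the description: swap the x-coordinate with the chrominance
            # value. The swap is its own inverse.
            point[X], point[C] = point[C], point[X]
        elif e_code == 2:
            # Assumed stage: shift x by P * z. z is preserved, so the decryptor
            # can recompute the shift from the encrypted data point.
            point[X] += (-p_code if inverse else p_code) * point[Z]
        else:
            raise ValueError(f"unsupported encryption in {identifier!r}")
    return [tuple(p) for p in out]


def encrypt(points, stages):
    """Run the configured encryptions in order, adding each identifier to the key."""
    key = []
    for identifier in stages:
        points = apply_stage(points, identifier)
        key.append(identifier)
    return points, "-".join(key)


def decrypt(points, key):
    """Reverse the encryptions last to first, as recorded in the key."""
    for identifier in reversed(key.split("-")):
        points = apply_stage(points, identifier, inverse=True)
    return points


if __name__ == "__main__":
    encrypted, key = encrypt(SAMPLE, ["E1S2P3", "E2S1P7"])
    print("key       :", key)
    print("encrypted :", encrypted)
    print("restored  :", decrypt(encrypted, key) == SAMPLE)
    print("wrong order restores:", decrypt(encrypted, "E2S1P7-E1S2P3") == SAMPLE)
```

Passing `decrypt` only the trailing identifier of the key undoes the last stage and returns the output of the first stage, and passing the identifiers in the wrong order does not restore the original values.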
In some embodiments, the point cloud encryption may be used to limit access to the 3D image or rendering of the unencrypted point cloud, rather than obfuscate or distort the 3D image or rendering. For instance, a user may wish to provide lower resolution previews of the 3D image or rendering, or may want to distribute the point cloud but limit the amount of information that is accessible to a certain group of users.
In some embodiments, encryption device 205 may encrypt the point cloud in a manner that reduces the resolution or amount of information that is accessible without obfuscating or entirely distorting the 3D image. In some such embodiments, encryption device 205 may perform a multi-stage encryption of a point cloud, and each additional encryption may hide or remove access to a greater number of data points. For instance,
The different resolution point clouds 1220, 1240, and 1260 may be stored as different files or contained in one file whereby the different resolution point clouds 1220, 1240, and 1260 may be decrypted and/or accessed depending on encryption keys or access permissions provided to different users or devices. For instance, second encrypted point cloud 1260 may be distributed to a set of users along with different encryption keys. A first user or device may receive second encrypted point cloud 1260 with no encryption key, and may therefore only be able to access the data points of second encrypted point cloud 1260 from which the lowest resolution image may be generated. A second user or device may receive second encrypted point cloud 1260 with an encryption key that includes a first identifier for reversing the second encryption in order to gain access to the data points of first encrypted point cloud 1240 from which the middle resolution image of first encrypted point cloud 1240 may be generated. A third user or device may receive second encrypted point cloud 1260 with an encryption key that includes a first identifier and a second identifier for reversing the second encryption and the first encryption in order to gain access to the data points of the original point cloud 1220 from which the original high resolution image of point cloud 1220 may be generated. In some embodiments, the encryption key with the first identifier and the second identifier may be distributed to all users and/or devices, but certain users or devices may be prevented from using one or more of the first identifier and the second identifier because of access privileges associated with the user or device. 
For instance, to initiate access to the point cloud, a user may be required to enter login credentials, and encryption device 205 may determine which encryption key identifiers may be used by that user based on the login credentials which, in turn, controls which of point clouds 1220, 1240, and 1260 that user may access.
In some embodiments, encryption device 205 may correspond to one or more devices with processors and/or specialized hardware (e.g., a graphical processing unit (“GPU”)) for encrypting and decrypting point clouds and/or other files. Encryption device 205 may include a portable computing device, such as a personal digital assistant (“PDA”), a “smart” phone, a cellular phone, a laptop computer, a tablet computer, etc. Encryption device 205 may also include a non-portable computing device, such as a desktop computer, a consumer or business appliance, a “smart” television, a set-top box, a gaming device, or another device that can be used to access a point cloud and/or render the images thereof. In some embodiments, encryption device 205 may be implemented as part of a video card, GPU, application-specific integrated circuit (“ASIC”), or other hardware that can be used for point cloud encryption and/or decryption.
In some embodiments, encryption device 205 may be a software component that is executed by one or more processors in order to encrypt and/or decrypt point clouds and/or other files. In some such embodiments, encryption device 205 may be locally or remotely accessed by one or more user devices.
Bus 1310 may include one or more communication paths that permit communication among the components of device 1300. Processor 1320 may include a processor, microprocessor, GPU, ASIC, video card, or processing logic that may interpret and execute instructions. Memory 1330 may include any type of dynamic storage device that may store information and instructions for execution by processor 1320, and/or any type of non-volatile storage device that may store information for use by processor 1320.
Input component 1340 may include a mechanism that permits an operator to input information to device 1300, such as a keyboard, a keypad, a button, a switch, etc. Output component 1350 may include a mechanism that outputs information to the operator, such as a display (e.g., 2D, 3D, virtual reality, augmented reality, holographic, etc.), a heads-up display, a projector, a speaker, one or more light emitting diodes (“LEDs”), etc.
Communication interface 1360 may include any transceiver-like mechanism that enables device 1300 to communicate with other devices and/or systems. For example, communication interface 1360 may include an Ethernet interface, an optical interface, a coaxial interface, or the like. Communication interface 1360 may include a wireless communication device, such as an infrared (“IR”) receiver, a Bluetooth® radio, or the like. The wireless communication device may be coupled to an external device, such as a remote control, a wireless keyboard, a mobile telephone, etc. In some embodiments, device 1300 may include more than one communication interface 1360. For instance, device 1300 may include an optical interface and an Ethernet interface.
Device 1300 may perform certain operations relating to one or more processes described above. Device 1300 may perform these operations in response to processor 1320 executing software instructions stored in a computer-readable medium, such as memory 1330. A computer-readable medium may be defined as a non-transitory memory device. A memory device may include space within a single physical memory device or spread across multiple physical memory devices. The software instructions may be read into memory 1330 from another computer-readable medium or from another device. The software instructions stored in memory 1330 may cause processor 1320 to perform processes described herein. Alternatively, hardwired circuitry may be used in place of or in combination with software instructions to implement processes described herein. Thus, implementations described herein are not limited to any specific combination of hardware circuitry and software.
The foregoing description of implementations provides illustration and description, but is not intended to be exhaustive or to limit the possible implementations to the precise form disclosed. Modifications and variations are possible in light of the above disclosure or may be acquired from practice of the implementations.
The actual software code or specialized control hardware used to implement an embodiment is not limiting of the embodiment. Thus, the operation and behavior of the embodiment has been described without reference to the specific software code, it being understood that software and control hardware may be designed based on the description herein.
For example, while series of messages, blocks, and/or signals have been described with regard to some of the above figures, the order of the messages, blocks, and/or signals may be modified in other implementations. Further, non-dependent blocks and/or signals may be performed in parallel. Additionally, while the figures have been described in the context of particular devices performing particular acts, in practice, one or more other devices may perform some or all of these acts in lieu of, or in addition to, the above-mentioned devices.
Even though particular combinations of features are recited in the claims and/or disclosed in the specification, these combinations are not intended to limit the disclosure of the possible implementations. In fact, many of these features may be combined in ways not specifically recited in the claims and/or disclosed in the specification. Although each dependent claim listed below may directly depend on only one other claim, the disclosure of the possible implementations includes each dependent claim in combination with every other claim in the claim set.
Further, while certain connections or devices are shown, in practice, additional, fewer, or different, connections or devices may be used. Furthermore, while various devices and networks are shown separately, in practice, the functionality of multiple devices may be performed by a single device, or the functionality of one device may be performed by multiple devices. Further, while some devices are shown as communicating with a network, some such devices may be incorporated, in whole or in part, as a part of the network.
To the extent the aforementioned embodiments collect, store or employ personal information provided by individuals, it should be understood that such information shall be used in accordance with all applicable laws concerning protection of personal information. Additionally, the collection, storage and use of such information may be subject to consent of the individual to such activity, for example, through well-known “opt-in” or “opt-out” processes as may be appropriate for the situation and type of information. Storage and use of personal information may be in an appropriately secure manner reflective of the type of information, for example, through various encryption and anonymization techniques for particularly sensitive information.
Some implementations described herein may be described in conjunction with thresholds. The term “greater than” (or similar terms), as used herein to describe a relationship of a value to a threshold, may be used interchangeably with the term “greater than or equal to” (or similar terms). Similarly, the term “less than” (or similar terms), as used herein to describe a relationship of a value to a threshold, may be used interchangeably with the term “less than or equal to” (or similar terms). As used herein, “exceeding” a threshold (or similar terms) may be used interchangeably with “being greater than a threshold,” “being greater than or equal to a threshold,” “being less than a threshold,” “being less than or equal to a threshold,” or other similar terms, depending on the context in which the threshold is used.
No element, act, or instruction used in the present application should be construed as critical or essential unless explicitly described as such. An instance of the use of the term “and,” as used herein, does not necessarily preclude the interpretation that the phrase “and/or” was intended in that instance. Similarly, an instance of the use of the term “or,” as used herein, does not necessarily preclude the interpretation that the phrase “and/or” was intended in that instance. Also, as used herein, the article “a” is intended to include one or more items, and may be used interchangeably with the phrase “one or more.” Where only one item is intended, the terms “one,” “single,” “only,” or similar language is used. Further, the phrase “based on” is intended to mean “based, at least in part, on” unless explicitly stated otherwise.
Monaghan, Robert; Bogacz, Joseph; Maruvada, Venkatarao
Patent | Priority | Assignee | Title |
11468583 | May 26 2022 | Illuscio, Inc.; ILLUSCIO, INC | Systems and methods for detecting and correcting data density during point cloud generation |
11527017 | May 03 2022 | Illuscio, Inc.; ILLUSCIO, INC | Systems and methods for dynamic decimation of point clouds and data points in a three-dimensional space |
11580656 | May 26 2022 | Illuscio, Inc. | Systems and methods for detecting and correcting data density during point cloud generation |
11586774 | Nov 12 2021 | Illuscio, Inc. | Systems and methods for dynamic checksum generation and validation with customizable levels of integrity verification |
11881002 | May 03 2022 | Illuscio, Inc. | Systems and methods for dynamic decimation of point clouds and data points in a three-dimensional space |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
May 28 2020 | MONAGHAN, ROBERT | ILLUSCIO, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055722 | /0677 | |
May 28 2020 | BOGACZ, JOSEPH | ILLUSCIO, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055722 | /0677 | |
May 29 2020 | MARUVADA, VENKATARAO | ILLUSCIO, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 055722 | /0677 | |
Mar 25 2021 | Illuscio, Inc. | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Mar 25 2021 | BIG: Entity status set to Undiscounted (note the period is included in the code). |
Apr 01 2021 | SMAL: Entity status set to Small. |
Date | Maintenance Schedule |
Jul 27 2024 | 4 years fee payment window open |
Jan 27 2025 | 6 months grace period start (w surcharge) |
Jul 27 2025 | patent expiry (for year 4) |
Jul 27 2027 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jul 27 2028 | 8 years fee payment window open |
Jan 27 2029 | 6 months grace period start (w surcharge) |
Jul 27 2029 | patent expiry (for year 8) |
Jul 27 2031 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jul 27 2032 | 12 years fee payment window open |
Jan 27 2033 | 6 months grace period start (w surcharge) |
Jul 27 2033 | patent expiry (for year 12) |
Jul 27 2035 | 2 years to revive unintentionally abandoned end. (for year 12) |